Any TRUE programmer can also program in reverse, i.e. de-program.
Let's see if you can assist the global effort in documenting the
xz-backdoor.
GNU/Linux has the absolute best tool for the job: Ghidra.
https://ghidra-sre.org/
I have posted an image of the xz-backdoor loaded into Ghidra
and analyzed:
https://i.postimg.cc/NsrmMvDv/xz-backdoor.png
The left panel shows the disassembled code and the right shows
the corresponding de-compile.
Notice the match:
xor edi, edi
mov esi, 0x12
mov edx, 0x46
mov ecx, 0x02
CALL .Llzma_decoder_end.1 <==> iVar4 = .Llzma_decoder_end.1(0, 0x12, 0x46, 2);
TEST EAX, EAX
JZ LAB_00100606 <==> if (iVar4 == 0) {
Ghidra is fucking fantastic!
Unfortunately, I will not be attempting to document the backdoor.
To do so would entail first learning thoroughly the functions of
sshd and I am not at all interested in network programming.
Yes, sshd. Did you think that the xz-backdoor was about compression/decompression? Ha, ha, ha, ha, ha, ha, ha, ha, ha!
Think again.
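The disassembly-to-decompile match quoted in the post is the x86-64 calling convention made visible: the four argument registers are loaded, the CALL consumes them, and TEST/JZ on the return register becomes the `if`. The following toy lifter is an added illustration, not Ghidra's code and not part of the post; it assumes the System V AMD64 ABI (rdi, rsi, rdx, rcx, r8, r9), which the register usage in the listing matches, and reconstructs the pseudo-C lines the screenshot shows from the seven assembly lines quoted above. It also generalises slightly to register-to-register moves and to JNZ/JNE.

```python
import re

# System V AMD64 ABI: the first six integer/pointer arguments travel in these
# registers, in this order (assumed here; the post's listing matches it).
SYSV_ARG_REGS = ["rdi", "rsi", "rdx", "rcx", "r8", "r9"]

# 32-bit register names used in the listing, folded onto the 64-bit register.
REG_ALIAS = {"eax": "rax", "edi": "rdi", "esi": "rsi", "edx": "rdx",
             "ecx": "rcx", "r8d": "r8", "r9d": "r9"}

# Disassembly lines copied from the post (the only input this example needs).
LISTING = """
xor edi, edi
mov esi, 0x12
mov edx, 0x46
mov ecx, 0x02
CALL .Llzma_decoder_end.1
TEST EAX, EAX
JZ LAB_00100606
"""


def canon(reg: str) -> str:
    """Map eax/edi/... onto the 64-bit register they alias."""
    reg = reg.lower()
    return REG_ALIAS.get(reg, reg)


def fmt_operand(value) -> str:
    """Symbolic names pass through; constants print in decimal when small,
    hex otherwise, mimicking what the decompiler showed in the screenshot."""
    if isinstance(value, str):
        return value
    return str(value) if value < 10 else hex(value)


def lift_call(listing: str, ret_var: str = "iVar4") -> list:
    """Toy lifter: track register writes, then emit pseudo-C for CALL and for
    the TEST/Jcc pair that follows it. Returns the emitted pseudo-C lines."""
    regs = {}        # register -> known constant (int) or symbolic value (str)
    tested = None    # operand of the last TEST r, r (compared against zero)
    out = []
    for raw in listing.strip().splitlines():
        m = re.match(r"(\w+)\s*(.*)", raw.strip())
        if not m:
            continue
        mnem = m.group(1).lower()
        ops = [o.strip() for o in m.group(2).split(",")] if m.group(2) else []
        if mnem == "xor" and len(ops) == 2 and canon(ops[0]) == canon(ops[1]):
            regs[canon(ops[0])] = 0                 # xor r, r is the idiom for r = 0
        elif mnem == "mov" and len(ops) == 2:
            try:
                regs[canon(ops[0])] = int(ops[1], 0)
            except ValueError:                      # register source: copy its value
                regs[canon(ops[0])] = regs.get(canon(ops[1]), canon(ops[1]))
        elif mnem == "call" and len(ops) == 1:
            args = []
            for r in SYSV_ARG_REGS:                 # stop at the first unset arg register
                if r not in regs:
                    break
                args.append(fmt_operand(regs[r]))
            out.append(f"{ret_var} = {ops[0]}({', '.join(args)});")
            regs = {"rax": ret_var}                 # caller-saved regs are dead; rax holds the result
        elif mnem == "test" and len(ops) == 2 and canon(ops[0]) == canon(ops[1]):
            tested = regs.get(canon(ops[0]), canon(ops[0]))
        elif mnem in ("jz", "je", "jnz", "jne") and tested is not None:
            cmp = "==" if mnem in ("jz", "je") else "!="
            out.append(f"if ({tested} {cmp} 0) {{")
            tested = None
    return out


if __name__ == "__main__":
    for line in lift_call(LISTING):
        print(line)
```

Running it prints the two pseudo-C lines from the post's right-hand panel. A real decompiler does far more (type recovery, structuring of the branch target, stack arguments beyond the sixth register), but the register-to-argument mapping is the part worth internalising when you read a Ghidra listing next to its decompile.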